quick fix

2025-02-03 05:04:11 +03:00 · 2011-07-08 09:01:32 +00:00 · 2011-07-08 09:01:32 +00:00 · ba2c06c9dc
commit ba2c06c9dc
parent c517e97a44
2 changed files with 3 additions and 3 deletions
--- a/lib/core/convert.py
+++ b/lib/core/convert.py
@ -89,7 +89,7 @@ def urldecode(value, encoding=None):

    return result

-def urlencode(value, safe="%&=", convall=False, limit=False):
+def urlencode(value, safe="%&=", convall=False, limit=False, failsafe=True):
    if conf.direct or PLACE.SOAP in conf.paramDict:
        return value

@ -104,7 +104,7 @@ def urlencode(value, safe="%&=", convall=False, limit=False):

    # corner case when character % really needs to be
    # encoded (when not representing url encoded char)
-    if all(map(lambda x: '%' in x, [safe, value])):
+    if failsafe and all(map(lambda x: '%' in x, [safe, value])):
        value = re.sub("%(?![0-9a-fA-F]{2})", "%25", value, re.DOTALL | re.IGNORECASE)

    while True:
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -529,7 +529,7 @@ class Connect:
                # throughly without safe chars (especially & and =)
                # addendum: as we support url encoding in tampering
                # functions therefore we need to use % as a safe char
-                payload = urlencode(payload, "%", False, True)
+                payload = urlencode(payload, "%", False, True, not kb.tamperFunctions)
                value = agent.replacePayload(value, payload)
            elif place == PLACE.SOAP:
                # payloads in SOAP should have chars > and < replaced